Create a decoy WMI provider that responds to attacker queries with fabricated or misleading information. This can be used to confuse attackers, disrupt their reconnaissance efforts, or gather information about their WMI-based tools and techniques.
Category: ACD Elements
Deceptive API Call Hooking with Modified Return Values
Intercept specific API calls made by applications and return modified or fabricated data to mislead attackers or disrupt their tools. This can be used to conceal sensitive information, trigger errors in attacker utilities, or gather intelligence on their techniques.
Fake Named Pipe with Delayed Response
Create a decoy named pipe that mimics a legitimate inter-process communication channel but introduces a significant delay before responding to client requests. No legitimate client ever opens the decoy, so any connection is a high-fidelity signal of an attacker probing or attempting to exploit named pipes, and the delay stalls tooling that enumerates and connects to every pipe it finds.
Fake SSH Server with Interactive Honeytrap
Deploy a fake SSH server that mimics a legitimate one but presents an interactive shell environment with fabricated system information and files. This can be used to engage attackers, gather information about their skills and intentions, and waste their time.
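The command loop behind such a honeytrap, as an added example that is not part of the original page: the SSH transport (paramiko, asyncssh or similar) is assumed to sit outside this class and pass it one input line at a time. The hostname, kernel string, file names and the planted "credentials" are all constructed for the example and describe no real host.

```python
import datetime
import json
import shlex

# Fabricated facts served to whoever lands in the shell. Everything here is
# constructed for this example; it describes no real host or credential.
FAKE_HOST = {
    "hostname": "db-prod-02",
    "user": "root",
    "uname": "Linux db-prod-02 5.15.0-91-generic #101-Ubuntu SMP x86_64 GNU/Linux",
}
FAKE_FS = {
    "/root": ["backup.sh", "db_credentials.txt", ".bash_history"],
    "/root/db_credentials.txt": "PGUSER=app\nPGPASSWORD=Winter2023!\nPGHOST=10.0.4.17\n",
    "/root/backup.sh": "#!/bin/sh\npg_dumpall | gzip > /mnt/backup/all.sql.gz\n",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                   "postgres:x:110:115::/var/lib/postgresql:/bin/bash\n",
}
# Commands whose argument is a host or URL the intruder controls: tagged so the
# log surfaces payload sources without anyone reading every line.
FETCH_CMDS = {"wget", "curl", "tftp", "nc", "ncat"}
RECON_CMDS = {"whoami", "id", "uname", "hostname", "cat", "ls", "pwd"}


class FakeShell:
    """Command loop for an SSH honeytrap. Feed it one input line, send back the
    string it returns, and end the session when it returns None."""

    def __init__(self, session_id, peer, cwd="/root"):
        self.session_id = session_id
        self.peer = peer
        self.cwd = cwd
        self.transcript = []  # one JSON-serialisable event per command

    def prompt(self):
        return f"{FAKE_HOST['user']}@{FAKE_HOST['hostname']}:{self.cwd}# "

    def _resolve(self, path):
        if not path.startswith("/"):
            path = self.cwd.rstrip("/") + "/" + path
        return path.rstrip("/") or "/"

    def _log(self, line, tag, **extra):
        event = {
            "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "session": self.session_id, "peer": self.peer, "cmd": line, "tag": tag,
        }
        event.update(extra)
        self.transcript.append(event)
        print(json.dumps(event))  # hand this to your log shipper in deployment

    def handle(self, line):
        """Return the fabricated output for one command, or None on exit."""
        try:
            argv = shlex.split(line)
        except ValueError:          # unbalanced quotes: still worth logging
            argv = line.split()
        if not argv:
            return ""
        cmd, args = argv[0], argv[1:]
        if cmd in ("exit", "logout"):
            self._log(line, "exit")
            return None
        if cmd in FETCH_CMDS:
            # Record the payload source, then let the fetch fail so they try another.
            target = next((a for a in args if not a.startswith("-")), "")
            self._log(line, "fetch", target=target)
            return f"{cmd}: unable to resolve host address: Connection timed out"
        self._log(line, "recon" if cmd in RECON_CMDS else "other")
        if cmd == "whoami":
            return FAKE_HOST["user"]
        if cmd == "id":
            return "uid=0(root) gid=0(root) groups=0(root)"
        if cmd == "hostname":
            return FAKE_HOST["hostname"]
        if cmd == "uname":
            return FAKE_HOST["uname"] if "-a" in args else "Linux"
        if cmd == "pwd":
            return self.cwd
        if cmd == "cd":
            target = self._resolve(args[0]) if args else "/root"
            if isinstance(FAKE_FS.get(target), list):
                self.cwd = target
                return ""
            return f"bash: cd: {args[0] if args else ''}: No such file or directory"
        if cmd == "ls":
            show_hidden = any(a.startswith("-") and "a" in a for a in args)
            target = self._resolve(next((a for a in args if not a.startswith("-")), self.cwd))
            entries = FAKE_FS.get(target)
            if not isinstance(entries, list):
                return f"ls: cannot access '{target}': No such file or directory"
            return "  ".join(e for e in entries if show_hidden or not e.startswith("."))
        if cmd == "cat":
            out = []
            for a in args:
                content = FAKE_FS.get(self._resolve(a))
                out.append(content if isinstance(content, str) else f"cat: {a}: No such file or directory\n")
            return "".join(out)
        return f"bash: {cmd}: command not found"
```

The tags matter more than the fake output: a "fetch" event carrying the URL of a staging server, or a "recon" burst followed by "exit" within seconds, is what tells you whether you are watching a script or a person.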
Deceptive Web Application with Fake Login Form
Create a decoy web application that mimics a legitimate login page but records every submitted credential and redirects the client to a controlled environment instead of the real system. Since no legitimate user is ever sent to the decoy, each submission identifies an attacker, shows which accounts and credentials they are trying, and keeps them away from real systems.
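A minimal implementation of that decoy as a WSGI application, added here as an example and not code from the original page. The decoy URL, the form fields and the in-memory event sink are assumptions; the `invoke` helper drives the app in-process so the behaviour can be checked without binding a port.

```python
import datetime
import io
import json
from urllib.parse import parse_qs

# Where a "successful" login lands: a controlled decoy, never the real app.
# The hostname is an assumption for this example.
DECOY_URL = "https://portal-decoy.internal.example/dashboard"
MAX_BODY = 4096  # never read an unbounded body from an untrusted client

LOGIN_FORM = b"""<!doctype html><title>Sign in</title>
<form method="post" action="/login">
<input name="username" placeholder="Username">
<input name="password" type="password" placeholder="Password">
<button>Sign in</button></form>"""

EVENTS = []  # in-memory sink; replace with a log shipper in deployment


def record_attempt(environ, fields):
    """Build the alert record. The decoy has no real users, so every POST is an alert."""
    # Only trust X-Forwarded-For when your own proxy sets it; otherwise use REMOTE_ADDR.
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    event = {
        "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "src_ip": (xff.split(",")[0].strip() if xff else environ.get("REMOTE_ADDR", "")),
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "username": fields.get("username", [""])[0],
        # Keep the password: it shows which leak or reuse the attacker is working from.
        # Treat this log as sensitive material.
        "password": fields.get("password", [""])[0],
        "path": environ.get("PATH_INFO", ""),
    }
    EVENTS.append(event)
    print(json.dumps(event))
    return event


def honeylogin_app(environ, start_response):
    method = environ.get("REQUEST_METHOD", "GET")
    path = environ.get("PATH_INFO", "/")
    if method == "POST" and path == "/login":
        try:
            length = min(int(environ.get("CONTENT_LENGTH") or 0), MAX_BODY)
        except ValueError:
            length = 0
        body = environ["wsgi.input"].read(length) if length else b""
        fields = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
        record_attempt(environ, fields)
        # Always "succeed": a rejection tells the attacker the credentials were wrong,
        # a redirect keeps them busy on infrastructure you control.
        start_response("302 Found", [("Location", DECOY_URL), ("Content-Length", "0")])
        return [b""]
    if method in ("GET", "HEAD") and path in ("/", "/login"):
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                  ("Content-Length", str(len(LOGIN_FORM)))])
        return [LOGIN_FORM] if method == "GET" else [b""]
    start_response("404 Not Found", [("Content-Type", "text/plain"), ("Content-Length", "9")])
    return [b"Not Found"]


def invoke(app, method, path, body=b"", headers=None):
    """Drive a WSGI app in-process. Returns (status, header dict, body bytes)."""
    environ = {
        "REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": "203.0.113.7",
        "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body),
    }
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, hdrs):
        captured["status"], captured["headers"] = status, dict(hdrs)

    out = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], out


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("0.0.0.0", 8080, honeylogin_app).serve_forever()
```

Run it behind the same reverse proxy and TLS setup as the application it imitates so that the decoy is not distinguishable by its headers alone.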
Fake Network Service with Unexpected Protocol Behavior
Deploy a network service that mimics a legitimate one but responds to requests with unexpected or non-compliant protocol behavior. This can be used to confuse attackers, trigger vulnerabilities in their tools, or gather information about their scanning techniques.
Deceptive HTTP Response with Delayed Content
Craft a web server that sends response headers promptly but delivers the body slowly. This frustrates attackers, slows automated tools that wait for a complete response, and separates clients that give up after a short timeout (scanners) from those that keep the connection open (an operator at a keyboard).
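The dripping body as a WSGI generator, added here as an example rather than code from the original page. The filler bytes and the log format are assumptions; the `sleep` and `on_close` parameters exist so the timing can be driven from a test.

```python
import json
import time

FILLER = b"<!-- " + b"x" * 54 + b" -->\n"   # 64-byte chunk of harmless-looking HTML


def slow_body(total_bytes, chunk=FILLER, delay=2.0, on_close=None, sleep=time.sleep):
    """Yield `total_bytes` in `chunk`-sized pieces with `delay` seconds between them.
    When the client gives up, the WSGI server calls close() on this generator and
    on_close(sent, finished) reports how far they got."""
    sent, finished = 0, False
    try:
        while sent < total_bytes:
            piece = chunk[: total_bytes - sent]
            sent += len(piece)
            yield piece              # the server writes this to the socket now...
            if sent < total_bytes:
                sleep(delay)         # ...and the client waits for the next one
        finished = True
    finally:
        # Reached after the last chunk, or on close() after a disconnect.
        if on_close is not None:
            on_close(sent, finished)


def tarpit_app(environ, start_response, total_bytes=64 * 1024, delay=2.0, sleep=time.sleep):
    """Answer any request with headers at once and a body that arrives over minutes."""
    peer = environ.get("REMOTE_ADDR", "?")
    user_agent = environ.get("HTTP_USER_AGENT", "")
    started = time.monotonic()

    def report(sent, finished):
        # bytes_delivered / seconds is the client's patience: a few chunks and a
        # disconnect is a scanner with a timeout, the full page is something else.
        print(json.dumps({"peer": peer, "user_agent": user_agent, "bytes_delivered": sent,
                          "finished": finished, "seconds": round(time.monotonic() - started, 1)}))

    # Content-Length tells a well-behaved client that more body is coming, so it
    # waits on each pause instead of treating it as end-of-response.
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(total_bytes))])
    return slow_body(total_bytes, delay=delay, on_close=report, sleep=sleep)


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("0.0.0.0", 8080, tarpit_app).serve_forever()
```

Each stalled connection occupies a worker on the decoy as well as on the scanner, so run this on a threaded or asynchronous server with its own per-connection limits rather than on the default single-threaded wsgiref server.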
Fake API Gateway
Deploy a decoy API gateway that mimics a legitimate one but intercepts requests and returns fabricated or manipulated responses. This can be used to mislead attackers, disrupt their tools, or gather information about their intentions.
Google Cloud Functions Honeypot
Deploy a decoy Google Cloud Function that appears to perform a sensitive operation (e.g., accessing a database, processing payment information) but, in reality, only logs invocation attempts and attacker-supplied data.
Deceptive OAuth 2.0 Consent Screen
Craft a fake OAuth 2.0 consent screen that mimics a legitimate Google service but requests excessive or unusual permissions. Monitor interactions with this screen to identify attackers attempting to trick users into granting unauthorized access.